
VIRUS AND SPY PROTECTION ARCHITECTURE

Page 2 Agenda
In this module:
- Processes and services
- Product components
- Message flow during various scan operations

PROCESSES AND SERVICES

Page 4 AVCS Processes
- F-Secure Management Agent: fameh32.exe, fch32.exe, fsih32.exe, fsnrb32.exe, fsm32.exe, fsma32.exe, fsmb32.exe, fsguidll.exe
- F-Secure Virus & Spy Protection: fsav32.exe, fsaw.exe, fsgk32.exe, fsgk32st.exe, fsdfwd.exe, fsqh.exe, fsrw.exe, fssm32.exe
- F-Secure Automatic Update Agent: fsbwsys.exe, F-Secure Automatic Update.exe

Page 5 Processes: FSMA
- fsm32.exe: F-Secure Manager, displays the F-Secure tray icon
- fsma32.exe: F-Secure Management Agent (Service)
- fsmb32.exe: Message Broker, processes communication between the different modules and products
- fsnrb32.exe: handles the communication between the hosts and the PMS (Policy Manager Server)
- fameh32.exe: Alert and Messaging Handler, handles alert and log forwarding
- fch32.exe: Configuration Handler, reads the base policy files and writes the incremental policy files
- fsih32.exe: Installation Handler, launches ilaunchr.exe during installations

Page 6 Processes: Virus & Spy Protection
- fsav32.exe: Anti-Virus Handler
- fsaw.exe: F-Secure Ad-Watch (Browser Control)
- fsdfwd.exe: Anti-Virus Firewall Daemon, redirects e-mails to the Scanner Manager (Service)
- fsqh.exe: handles object quarantine
- fsgk32.exe: Gatekeeper Handler, receives real-time scan requests from the Gatekeeper
- fsgk32st.exe: Gatekeeper Handler Starter (Service)
- fsrw.exe: F-Secure Reg-Watch (System Control)
- fssm32.exe: Scanner Manager, manages the scanning engines

Page 7 Virus & Spy Protection Services
- F-Secure Management Agent Environment (NET STOP/START FSMA): fameh32.exe, fsaw.exe, fch32.exe, fsih32.exe, fsnrb32.exe, fsm32.exe, fsma32.exe, fsmb32.exe, fsdfwd.exe, fsrw.exe, fsguidll.exe
- F-Secure Gatekeeper Environment (NET STOP/START FSGKHS): fsgk32.exe, fsgk32st.exe, fssm32.exe
- F-Secure Automatic Update Environment (NET STOP/START FSBWSYS): fsbwsys.exe, F-Secure Automatic Update.exe
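The three service environments on this slide each map a Windows service name to the processes that should be alive while it runs. The health check below is an added example, not part of the training material or of the product: it takes the service/process grouping from the slide and reports, per service, the service status and every listed process that is not currently running. The hashtable layout and the function name are this script's own.

```powershell
# Added example (not F-Secure code): verify that each service from the
# "Virus & Spy Protection Services" slide is running together with the
# processes the slide assigns to it. Service and process names are from
# the slide; process names are given without the .exe suffix because
# that is how Get-Process reports them.
$ExpectedProcesses = @{
    'FSMA'    = @('fameh32', 'fsaw', 'fch32', 'fsih32', 'fsnrb32', 'fsm32',
                  'fsma32', 'fsmb32', 'fsdfwd', 'fsrw', 'fsguidll')
    'FSGKHS'  = @('fsgk32', 'fsgk32st', 'fssm32')
    'FSBWSYS' = @('fsbwsys', 'F-Secure Automatic Update')
}

function Test-FSecureEnvironment {
    param([hashtable]$Map = $ExpectedProcesses)

    # Snapshot of running process names (comparison is case-insensitive)
    $running = Get-Process | Select-Object -ExpandProperty ProcessName -Unique

    foreach ($service in $Map.Keys) {
        $svc    = Get-Service -Name $service -ErrorAction SilentlyContinue
        $status = if ($null -eq $svc) { 'NOT INSTALLED' } else { [string]$svc.Status }

        # Processes the slide expects for this service that are not running now
        $missing = @($Map[$service] | Where-Object { $running -notcontains $_ })

        [pscustomobject]@{
            Service          = $service
            Status           = $status
            ExpectedCount    = $Map[$service].Count
            MissingProcesses = ($missing -join ', ')
        }
    }
}

Test-FSecureEnvironment | Format-Table -AutoSize
```

A missing process is a prompt to look closer rather than an error by itself: fsaw.exe runs as the user account (see the Ad-Watch slide), so it is absent when nobody is logged on, while a stopped FSGKHS with fsgk32.exe and fssm32.exe gone means no real-time scanning is taking place.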

PRODUCT COMPONENTS

Page 9 Product Components
(Diagram: product component map. Kernel: Firewall Driver, Gatekeeper Driver. Services: Gatekeeper Handler, Anti-Virus Handler, System Clean-up Module, Firewall Daemon, Management Agent, Scanning Module, Scanner Manager with the Libra, Orion, Draco and AVP engines, Spyware Quarantine, System Control. Desktop Client: User Interfaces, Browser Control. Browser: HTTP Scanning Module. Internet and Server appear as external endpoints.)

Page 10 Real-Time Scanning: Clean File
(Diagram: message flow over the product component map for a real-time scan of a clean file.)

Page 11 Real-Time Scanning: Infected File
(Diagram: message flow over the product component map for a real-time scan of an infected file.)

Page 12 Gatekeeper Driver (fsgk.sys, fsrec.sys and fsfilter.sys)
- Provides the low-level file I/O for the user-mode scanning (runs in kernel mode)
- Intercepts and postpones file I/O requests
- Posts the scan request to the Gatekeeper Handler (file or boot sector)
- Denies file access if the file is infected
- Does not participate in the actual scanning
(Diagram: product component map with the Gatekeeper Driver highlighted.)

Page 13 Gatekeeper Handler (fsgk32.exe)
- Handles communication between kernel mode and user mode
- Receives real-time scan requests from the Gatekeeper Driver
- Assigns scanning tasks to the Scanner Manager and sends databases to the Scanner Manager
- Starts and initializes the Scanner Manager
- Enables the GKH API through FSMA
- Manages the policies interface
(Diagram: product component map with the Gatekeeper Handler highlighted.)

Page 14 Scanner Manager (fssm32.exe)
- Manages the scan engines (sending scanning requests); isolated from the framework
- Upon finding an infection, the Scanner Manager decides which action to take
- Implements "black-listing" of files that caused a scan engine to crash, to prevent crash loops, etc.
- Calls the System Clean-up Module and Spyware Quarantine when disinfection is selected
- Handles locked files
(Diagram: product component map with the Scanner Manager highlighted.)
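The Gatekeeper Driver, Gatekeeper Handler and Scanner Manager slides together describe one path: the driver holds a file I/O request, the handler forwards it, the Scanner Manager runs the engines and returns a verdict, and the driver denies access if the file is infected. The script below is an added example, not F-Secure code, that models this path in user-mode PowerShell so the crash black-listing from this slide can be seen in action. The engine names are taken from the slides, but the engine bodies, the crash threshold, the sample files and the fail-closed policy for unscannable files are assumptions made for the illustration.

```powershell
# Added example (not F-Secure code): simplified model of the real-time scan path.
# Stand-in engines: each receives the file content and returns a detection name
# or $null. 'Libra' throws on a constructed trigger byte to simulate an engine crash.
$Engines = [ordered]@{
    Orion = { param([byte[]]$Data)
        $text = [Text.Encoding]::ASCII.GetString($Data)
        if ($text -like '*CONSTRUCTED-TEST-MARKER*') { 'Constructed.TestFile' } else { $null } }
    Libra = { param([byte[]]$Data)
        if ($Data.Length -gt 0 -and $Data[0] -eq 0xFF) { throw 'engine fault on sample' }
        $null }
}

$script:CrashCount        = @{}                                           # path -> crashes observed
$script:Blacklist         = New-Object 'System.Collections.Generic.HashSet[string]'
$script:MaxCrashesPerFile = 1                                             # assumed threshold; the slide gives none

# Scanner Manager stand-in: runs the engines in order, isolates a crash with
# try/catch and black-lists the file once it has crashed an engine too often,
# so the same file cannot take the scanner down again on the next access.
function Invoke-ScannerManager {
    param([string]$Path, [byte[]]$Data)

    if ($script:Blacklist.Contains($Path)) {
        return [pscustomobject]@{ Path = $Path; Verdict = 'Skipped'; Detail = 'black-listed after engine crash' }
    }
    foreach ($name in $Engines.Keys) {
        try {
            $hit = & $Engines[$name] $Data
            if ($hit) {
                return [pscustomobject]@{ Path = $Path; Verdict = 'Infected'; Detail = "$name reported $hit" }
            }
        } catch {
            $script:CrashCount[$Path] = 1 + [int]$script:CrashCount[$Path]
            if ($script:CrashCount[$Path] -ge $script:MaxCrashesPerFile) { [void]$script:Blacklist.Add($Path) }
            return [pscustomobject]@{ Path = $Path; Verdict = 'Error'; Detail = "$name crashed: $($_.Exception.Message)" }
        }
    }
    [pscustomobject]@{ Path = $Path; Verdict = 'Clean'; Detail = 'no engine reported a detection' }
}

# Gatekeeper Handler stand-in: the driver holds the I/O until a verdict returns.
# Only a Clean verdict releases the access; failing closed on Error/Skipped is
# this script's choice, the slides do not state the product's policy for it.
function Invoke-GatekeeperRequest {
    param([string]$Path, [byte[]]$Data)
    $result = Invoke-ScannerManager -Path $Path -Data $Data
    $result | Add-Member -NotePropertyName AccessAllowed -NotePropertyValue ($result.Verdict -eq 'Clean') -PassThru
}

# Constructed sample I/O requests (paths and contents are made up for this example)
$samples = @(
    @{ Path = 'C:\constructed\readme.txt'; Data = [Text.Encoding]::ASCII.GetBytes('plain text') },
    @{ Path = 'C:\constructed\sample.bin'; Data = [Text.Encoding]::ASCII.GetBytes('CONSTRUCTED-TEST-MARKER') },
    @{ Path = 'C:\constructed\odd.bin';    Data = [byte[]](0xFF, 0x00, 0x01) },
    @{ Path = 'C:\constructed\odd.bin';    Data = [byte[]](0xFF, 0x00, 0x01) }   # second access: Skipped
)
$samples | ForEach-Object { Invoke-GatekeeperRequest -Path $_.Path -Data $_.Data } | Format-Table -AutoSize
```

The fourth request shows the point of the black-list: the file that crashed an engine is not handed to the engines again, so a single malformed file cannot keep restarting the scanner. Because the engines on the next slide are DLLs loaded into the Scanner Manager's own process, a real engine crash takes fssm32.exe with it, which is why this protection sits in the manager rather than in the engines.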

Page 15 Scanning Engines (dffpi.dll, avpproxy.dll, fslfpi.dll and lsse.dll)
- Perform the actual scanning of files as requested by the Scanner Manager
- The scanning engines are DLLs loaded into the Scanner Manager's process space (provides a "sandbox" environment)
- Orion is a binary scanning engine
- AVP Proxy is a binary scanning engine with a large virus history coverage
- Libra is a macro and script virus engine
- Draco handles spyware, tracking cookie removal and hosts file protection
(Diagram: product component map with the scanning engines highlighted.)

Page 16 System Clean-Up Module (fssc.fsd)
- Handles special virus-specific cleanup actions
- Called by the Scanner Manager every time an infection needs to be removed (disinfected)
- Calls secondary action lists
- Changes secondary action behaviour
(Diagram: product component map with the System Clean-up Module highlighted.)

Page 17 Manual Scan: Virus vs. Spyware
(Diagram: two numbered flows through the Anti-Virus Handler, the Scanner Manager and the engines. Virus path: a file with a virus or Trojan on the file system is detected, removed and left as a clean file. Spyware path: a spyware file and its registry entries under HKEY_LOCAL_M… are detected, then the System Clean-up Module removes them.)

Page 18 Anti-Virus Handler (fsav32.exe)
- Handles on-demand scans
- Decides when it is necessary to ask the user to restart the computer; when such a decision has been made, an appropriate message is sent to FSMUIAV
- The Gatekeeper Handler notifies AVH about situations where a need to restart the computer arises
- Posts alerts to FSMA (which forwards the alerts as specified in its policy)
- Delivers database updates
(Diagram: product component map with the Anti-Virus Handler highlighted.)

Page 19 User Interfaces
- fsm32.exe: F-Secure Manager (FSM), manages the GUI plug-ins
- fsmuiav.dll: shows a dialog or message box asking the user to restart the computer when necessary; invokes the Scan Wizard and provides it with the required information
- fsuipx.dll: System Control UI Proxy, the communication link between F-Secure System Control and the GUI
- fsawfsm.dll: Ad-Watch plug-in, the communication link between F-Secure Browser Control and the GUI; loads F-Secure Browser Control (fsaw.exe)

Page 20 Spyware Quarantine (fsqrt.dll)
- Generic component of the F-Secure scanning services (currently only spyware)
- Scanners communicate with the quarantine via FSSM
- Provides storage for removed objects (XML-based database)
- Relies on Access Control Lists (ACLs) and user rights
- The user needs administrative rights to clean the system and to add or restore objects
(Diagram: product component map with the Spyware Quarantine highlighted.)

Page 21 E-mail Scanning: Sending (SMTP)
(Diagram: message flow over the product component map for scanning an outgoing SMTP message.)

Page 22 E-mail Scanning: Receiving (POP & IMAP)
(Diagram: message flow over the product component map for scanning an incoming POP or IMAP message.)

Page 23 Firewall Driver (fsdfw.sys)
- Catches all new outgoing connections and re-routes them to the Scanning Module
(Diagram: product component map with the Firewall Driver highlighted.)

Page 24 Firewall Daemon and Scanning Module
fsdfwd.exe
- Starts the F-Secure Scanning Module (FSAVES)
- Receives the re-routed e-mails from the firewall engine
fsmirror.dll
- Detects possible e-mails being transmitted (either sent or received) and stores them temporarily for scanning
- Sends the path or memory address (depending on size) to the F-Secure Scanner Manager (FSSM) module, which starts scanning in the following order
(Diagram: product component map with the Firewall Daemon and Scanning Module highlighted.)

Page 25 Registry Watch (System Control) (fsrw.exe)
- Does the actual registry monitoring
- Communicates with the GUI through the System Control UI Proxy (fsuipx.dll)
- Loaded through the FSMA interface
(Diagram: product component map with System Control highlighted.)

Page 26 Browser Control
(Diagram: product component map with a single numbered step at the Browser Control.)

Page 27 Ad-Watch (Browser Control) (fsaw.dll)
- Lavasoft Ad-Watch module
- Does the actual blocking for the IE Shield and Pop-up Blocker features
- Framework integration through F-Secure Browser Control (fsaw.exe)
- Settings, database and license handling
- Communication with the GUI
- Loaded through the FSM interface
- Runs as the user account
(Diagram: product component map with Browser Control highlighted.)

Page 28 Web Traffic Scanning
(Diagram: three numbered steps between the Browser HTTP Scanning Module and the scanning services on the product component map.)

Page 29 HTTP Scanner (fslsp.dll, fshttp.dll)
- Loaded into the process space of the applications that use HTTP (they are hooked into the WinSock DLL)
- The HTTP scanner uses the Scanner Manager for scanning via the Gatekeeper
(Diagram: product component map with the Browser HTTP Scanning Module highlighted.)

Page 30 Summary
In this module:
- Processes and services
- Product components
- Message flow during various scan operations